I also see signs of AVG, Computer Associates, and Symantec antivirus programs in your log. Are you running all of these or are there just remnants of old ones ? You should never install more than one antivirus scanner on your system! Several together can cause problems and decrease the reliability.

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Next, run Ad-aware and perform a full scan. Remove everything found.

Now open Ewido Security Suite

Click on Scanner

Click on Complete System Scan and the scan will begin.

NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action.

DO NOT select "Perform action on all infections"

When the scan is finished, click the Save report button at the bottom of the screen.

Run the Panda online virus scan at http://www.pandasoft.../activescan.htm- Once you are on the Panda site click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country- Enter your State/Province- Enter your e-mail address and click send- Select either Home User or Company- Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)- When download is complete, click on Local Disks to start the scan- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist

After we get this cleaned up, there are updates that NEED to be done, so please don't forget to come back.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.

File -> SaveAs -> PANDAFIX.REG For the file type be sure to set as "all files" and click save

Close notepad and double click on PANDAFIX.REG

Run the Panda online virus scan at http://www.pandasoft.../activescan.htm- Once you are on the Panda site click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country- Enter your State/Province- Enter your e-mail address and click send- Select either Home User or Company- Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)- When download is complete, click on Local Disks to start the scan- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Run HijackThis and place a checkmark in the following line

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Click Fix Checked

Please post the Panda report and another HijackTHis log here so we can make sure that it removed the bad files.

Glad to here the explorer error is gone. This little cleanup and then there are Updates that NEED to be done.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.

I tried that, but it still doesn't work..
Still the same message, my pc always has trouble with active X..
Does it has to be panda activescan? Or does housecall, kaspersky, etc. work as well?
Because they work fine here..

Kaspersky, should be fine. The main reason for recommending Panda is that they are known to repair the altnet and produces the log for us to review. If Kaspersky does not produce a log, be sure to pay attention for the Spyware.Altnet to be sure that it is removed. Let me know what it gets and post another Hijack this log for review.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.

I still see signs of AVG, Computer Associates, and Symantec antivirus programs in your log. Are you running all of these or are there just remnants of old ones ? You should never install more than one antivirus scanner on your system! Several together can cause problems and decrease the reliability.

Here are the things you need to do to remove the files that Kaspersky found.

Remove Restore Points, leaving the most recent. This is done in Disk Cleanup.Start -> Programs -> Accessories -> System Tools -> Disk CleanupIn Disk Cleanup, Choose the Tab at the top, More OptionsIn More Options, under System Restore, Click on Clean UpThis will ask you to confirm removing all but the most recent restore point, Click Yes

Install and Run CleanUpClick on OptionsSelect the Temporary File Tab at the topRemove *.bak from the list and click OKClick on CleanUp!When it completes, it will ask Do you wish to logoff now ? Click No.

Copy the text in the code box to a notepad file and save it as VIRCLEAN.BATWhen you save the file, this is the same as the previous save file type "All Files"

I used to have Symantec Antivirus, but now I use AntiVir. I uninstalled the Symantec but there are still files on my pc which I can't remove..
I'm not sure what the computer associates is, but I think that it is from an e-trust antiverus program which was installed on my PC when I bought him. I also removed that a while ago. There is only one antivirus program active on my PC, which is AntiVir

3. Change the location in the Save in field to Desktop, and then click Save.

4. If you have Windows XP Service Pack 2, you will see the message "the publisher could not be verified. Are you sure you want to run this software?" Click Run.

5. Double-click the Rnav2003.exe icon on the Desktop to launch the application.

6. On the RNAV Question screen, click No to continue the process.

7. If you upgraded from a previous version of Norton AntiVirus, then choose the version of Norton AntiVirus that was originally installed. For example, if you originally installed Norton AntiVirus 2001 and then upgraded to Norton AntiVirus 2002 and then Norton AntiVirus 2003, you would run the Rnav2003.exe removal tool for Norton AntiVirus 2001 first, restart the computer, run the utility again for Norton AntiVirus 2002, restart the computer and run the utility a third time for Norton AntiVirus 2003 and restart the computer. (If Norton AntiVirus 2003 was the only version of Norton AntiVirus that was installed, then you will only have to run the Rnav2003.exe removal utility once.)If you have Norton Internet Security, then see the instructions for that program in the table at the beginning of this document.

The Rnav2003 tool didn't work, but i read the instructions on that website and I finally could remove the map norton antivirus manually.

The Pandascan still doesn't work; when i try it with netscape i get the following errors: Can't find the file Pskutil.dll. I found that file on the internet, downloaded it and placed it in the map activescan. I tried it again, then it tells me that it can't find the file PSKVFILE.dll, I downloaded that too and placed in the map activescan. Then i tried it again and i got the message that the file pskalloc.dll is missing, and when i placed that in the map activescan, it starts all over again..

Start -> Control Panel -> System, System restore tab at the top. Tick "Turn off System Restore" and reboot. That will erase all restore points.

After reboot, go back in and turn System Restore back on.

Remove the files in the !killbox folder, by deleting the folderC:\!killbox

Killbox creates a quarantine of the files in case we need them for analysis. We don’t need these so you can delete this folder.

To get rid of the IRC worm, delete the following folder

C:\Program Files\mIRC

I have had an issue in the office with Panda not running lately. I found that if I did a Trend Micro Housecall online scan then it would sometimes run. Please run a Housecall scan, have it clean anything it finds.

Please run the Housecall online virus scan located at:http://housecall.tre.../start_corp.aspFollow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.

When the scan is finished, please restart your computer.

Please post a HijackThis log for one last look and then we will do updates that are NEEDED.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.

Your Windows / Internet Explorer is at Service Pack 1. You have Windows Updates http://windowsupdate.microsoft.com/ that need to be done. These updates can patch many of the security holes through which attackers can gain access to your computer. I cannot stress enough how important this is.

I notice you have Java jre1.5.0_04. There are known issues with Java that can allow Vundo malware to get installed. I would remove all versions prior to the most current which is 5.6.

Go to Add/Remove programs and remove the prior versions. To install the latest version, go to www.java.com and choose the download that is available.

For security reasons, it is very important to remove ALL previous versions of Sun Java via Control Panel»Add/Remove. Further, search 'Programs' and 'Application Data' and remove all old verison files manually!

Additional Protection that I would like to recommend:

SpywareGuardA tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

SpywareBlasterA tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.https://netfiles.uiu...ww/resource.htm

Let me know if you have any problems or questions.

Topher

Edited by Topher069, 04 December 2005 - 01:13 PM.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.

Glad we could help. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

I'm a volunteer, it's my pleasure to serve, but if you feel so inclined to support the effort, the SWI site needs donations to operate. Thank you for your support.